How can you train crisis management of cyber events?

Janka Kreißl from the agency Dunkelblau talks about crisis prevention and crisis management in the face of cyber events. Tapping into her experience with many clients, she explains what smooth processes need and which stakeholders should be involved from the start.

Duration:

21 min

Guest in this episode:

Janka Keißl

Partner dunkelblau

FAQ

Facts on the topic

Why are there seemingly so few reported OT security incidents?

Statistics often provide a distorted picture. In the podcast, it becomes clear that while specialized crisis agencies like Dunkelblau receive about two new cyber-incident requests per week (approx. 100 per year), OT-specific cases are rarely among them. This is due to a high number of unreported cases and the fact that many companies still view OT as part of classical IT or refrain from communicating incidents publicly due to the perceived stigma.

What is the difference in incident response between IT security and OT security?

In classical IT, systems can often be isolated or shut down during an attack (e.g., via firewalls). In OT (Operational Technology), such as with energy providers, this is not easily possible because interrupting communication could prevent critical processes like emergency shutdowns. Therefore, experts in this field rely on Intrusion Detection Systems (IDS) that make anomalies transparent without directly blocking operations.

How can companies efficiently prepare for a cybersecurity incident?

Effective crisis management is based not just on technology, but on established structures and routines. Such as:

Assessment: Review existing manuals for relevance and accuracy.
Crisis Team: Define roles and alerting chains (including contingencies for when digital channels fail).
Communication: Create templates for the first critical hours of an incident.
Training: Conduct regular drills (tabletop or software-based) to transform theory into a management routine.

What role does the NIS2 regulation play for medium-sized enterprises?

The NIS2 Directive significantly increases the pressure on companies. Even those not classified as critical infrastructure often must provide evidence of compliance as part of the supply chain. Many medium-sized manufacturing companies are often caught off guard. An integrated Business Continuity Management (BCM) system that accounts for OT specifics is therefore no longer optional, but a regulatory necessity. More on NIS2 in OT environments can be found on Rhebo compliance.